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~ The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1 )^ Responsive to comnnunication(s) filed on 2-Julv-2004 , 
2a)n This action is FINAL. 2b)^ This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 24-41 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 24-32 and 36-41 is/are rejected. 

7) ^ Claim(s) 33-35 is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)[3 accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1 .121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. _ 

3. n Copies of the certified copies of the priority documents have been received in this 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 
Remarks 

1 . In response to communications files on 2-July-2004, claims 1-23 are cancelled; 
new claims 24-41 have been added; the specification of the disclosure, is 
amended per applicants request. Therefore, claims 24-41 are presently pending 
in the application. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirennents of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors 
Protection Act of 1999 (AlPA) and the Intellectual Property and High Technology 
Technical Amendments Act of 2002 do not apply when the reference is a U.S. 
patent resulting directly or indirectly from an international application filed before 
November 29, 2000. Therefore, the prior art date of the reference is determined 
under 35 U.S.C. 102(e) prior to the amendment by the AlPA (pre-AlPA 35 U.S.C. 
102(e)). 
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3. Claims 24-26 and 36-41 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Gunteret al . (U.S. patent 6,751,728). 

As to claim 24, Gunter et al . teaches a system, comprising: 
a distributor unit that distributes a plurality of packets and security 
association information associated with the plurality of packets according to a 
distribution scheme (see figure 3; abstract; column 1, lines 62-65; and column 2, 
lines 36-40); and 

a plurality of security processing engines, coupled to the distributor unit, 
that perform authentication and cryptographic functions (see figures 1 , 3, and 8), 

wherein the plurality of security processing engines receive at least a 
portion of the security association information associated with the packets, and 
wherein the plurality of security processing engines process the plurality of 
packets in parallel (see column 2, lines 36-40 and column 4, lines 31-35). 

As to claim 25, Gunter et al . teaches wherein the plurality of packets are 
buffered prior to being processed by the plurality of security processing engines 
(see column 3, lines 64-67 and column 4, line 1). 

As to claim 26, Gunter et al . teaches the system further comprising a 
classification module that determines security association information 
%associated with a plurality of packets, wherein the classification module is 
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configured to provide at least a portion of the security information associated with 
the packets to the distributor unit (see column 10, lines 19-23 and column 10, 
lines 33-35). 

As to claim 36, Gunter et al . teaches wherein the system is a router (see 
column 4, lines 44-46 and column 5, lines 48-51). 

As to claim 37, Gunter et al . teaches wherein the system is a firewall (see 
column 1, lines 32-35 and column 5, lines 34-37). 

As to claim 38, Gunter et al . teaches wherein the system is a network 
communication device (see abstract and column 1, lines 7-11). 

As to claim 39, Gunter et al . teaches wherein the system is a security 
gateway (see column 5, Lines 35-38). 

As to claim 40, Gunter et al . teaches wherein the system is a server (see 
column 1 , lines 24-26; column 6, lines 44-49; and column 6, lines 62-64). 



As to claim 41 , Gunter et al , teaches wherein the system is a network line 
card (see column 4, lines 14-22). 
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Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject nnatter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the art to which said subject 
matter pertains. Patentability shall not be negatived by the manner in which the invention was 
made. 



5. Claim 27 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gunter 
et al . (U.S. patent 6,751 ,728) in view of Barlow et al . (U.S patent 6,038,551 ). 

As to claim 27, Gunter et al . does not teach wherein the distributor unit 
and the plurality of security processing engines are on the same chip. 

Barlow et al . teaches system and method for configuring and managing 
resources on a multi-purpose integrated circuit card using a personal computer 
(see abstract), in which he teaches wherein the distributor unit and the plurality of 
security processing engines are on the same chip (see column 7, lines 42-45 and 
column 11, lines 43-53). 

Therefore, it would have been obvious to a person having ordinary skill in 
the art at the time the invention was made to have modified Gunter et al. , to 
include wherein the distributor unit and the plurality of security processing 
engines are on the same chip. 
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It would have been obvious to a person having ordinary skill in the art at 
the time the invention was made to have modified Gunter et al. by the teaching of 
Barlow et al. , because wherein the distributor unit and the plurality of security 
processing engines are on the same chip, would enable the system because, in 
the illustrated embodiment, the IC card 14 is configured with cryptography 
acceleration circuitry 64, shown integrated with the CPU 50, which streamlines 
cryptography computations to improve speed (see Barlow et al ., column 1 1, lines 
43-47). 

6. Claims 28-32 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gunter et al . (U.S. patent 6,751,728) in view of Leung (U.S patent 6,760,444). 

As to claim 28, Gunter et al . does not teach wherein the security 
association information includes a sequence number, an anti-replay window, and 
a lifetime of the security association. 

Leung teaches mobile IP authentication (see abstract), in which he 
teaches wherein the security association information includes a sequence 
number, an anti-replay window, and a lifetime of the security association (see 
column 3, lines 45-67 and column 4, lines 1-4). 

Therefore, it would have been obvious to a person having ordinary skill in 
the art at the time the invention was made to have modified Gunter et aL , to 
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include wherein the security association information includes a sequence 
number, an anti-replay window, and a lifetime of the security association. 

It would have been obvious to a person having ordinary skill in the art at 
the time the invention was made to have modified Gunter et al. by the teaching of 
Barlow et al. , because wherein the security association information includes a 
sequence number, an anti-replay window, and a lifetime of the security 
association, would enable the system to authenticate the packets applying the 
security association. "As described with respect to the authentication process, a 
Security Association provides information that is used to generate the 
authenticators during the authentication process", (see Leung , column 3, lines 
45-48). 

As to claim 29, Gunter et al . as modified teaches wherein the security 
association information further includes an encapsulating security payload (ESP) 
encryption algorithm identifier and one or more ESP encryption keys (see Gunter 
et al ., column 7, lines 33-39). 

As to claim 30, Gunter et al . as modified teaches wherein the security 
association information further includes an ESP authentication. algorithm identifier 
and one or more ESP authentication keys (see Gunter et al ., column 7, lines 33- 
39). 
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As to claim 31 , Gunter et al . as modified teaches wherein the security 
association information further includes an authentication header (AH) 
authentication algorithm identifier and one or more Al-I authentication keys (see 
Gunter et al ., figure 5; column 2, lines 4-9; and column 8, lines 22-27). 

As to claim 32, Gunter et al . as modified teaches wherein the security 
association information includes protocol mode information (see Gunter et al ., 
column 7, lines 10-19). 

Allowable Subject Matter 

7. Claims 33-35 are objected to as being dependent upon a rejected base claim, 
but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any inten/ening claims. 

8. The following is a statement of reasons for the indication of allowable subject 
matter: 

The prior art of record, Gunter et al. (U.S. patent 6,751 ,728) and Barlow et 
al. (U.S. patent No. 6,038,551 ), do not disclose, teach, or suggest the claimed 
limitations of (in combination with all other features in the claim): 
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wherein the distribution scheme is a round-robin distribution scheme, 
wherein the distributor unit selects a next available security processing engine in 
a round-robin manner, as claimed in claim 33. 

The prior art of record, Gunter et al, (U.S. patent 6,751 ,728) and Barlow et 
ai. (U.S. patent No. 6,038,551), do not disclose, teach, or suggest the claimed 
limitations of (in combination with all other features in the claim): 

the system further comprising an order maintenance packet retirement 
unit, as claimed in claim 34. 

Claim 35 is objected to as being dependent from the objected to 
dependent claim 34. 

Response to Arguments 

9. Applicant's arguments filed 2-July-2004 with respect to the rejected claims in 
view of the cited references have been fully considered but they are not found 
persuasive: 

In response to applicants' arguments that "neither Barlow. Markham, 
Krawczak, nor Wasilewski, alone or in combination, teach or suggest a system 
including a distributor unit that distributes a plurality of packets and security 
association information associated with the plurality of packets according to a 
distribution scheme; and a plurality of security processing engines that perform 
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authentication and cryptographic functions, coupled to the distributor unit, 
wherein the plurality of security processing engines receive at least a 
portion of the security association information associated with the packets, and 
wherein the plurality of security processing engines process the plurality of 
packets in parallel", the arguments have been fully considered but are not 
deemed persuasive, because Gunter et al. teaches a system, comprising: 
a distributor unit that distributes a plurality of packets and security 
association information associated with the plurality of packets according to a 
distribution scheme (see figure 3; abstract; column 1, lines 62-65; and column 2, 
lines 36-40); and 

a plurality of security processing engines, coupled to the distributor unit, 
that perform authentication and cryptographic functions (see figures 1 , 3, and 8), 

wherein the plurality of security processing engines receive at least a 
portion of the security association information associated with the packets, and 
wherein the plurality of security processing engines process the plurality of 
packets in parallel (see column 2, lines 36-40 and column 4, lines 31-35). 

In response to applicants' arguments that "neither Barlow, 
Markham, Krawczak, nor Wasilewski teach or suggest a router, firewall, network 
communication device, security gateway, server, or network line card" ", the 
arguments have been fully considered but are not deemed persuasive, because 
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Gunter et al. teaches a router (see column 4, lines 44-46 and column 5, lines 48- 
51 ); a firewall (see column 1 , lines 32-35 and column 5, lines 34-37); network 
communication device (see abstract and column 1, lines 7-11); a security 
gateway (see column 5, Lines 35-38); a server (see column 1, lines 24-26; 
column 6, lines 44-49; and column 6, lines 62-64); and network line card (see 
column 4, lines 14-22). 



10. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Belix M. Ortiz whose telephone number is (571 )- 
272-4081. The examiner can normally be reached on moday-friday 9am-5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Dov Popovici can be reached on (571)- 272-4083. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 



Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 703- 
305-3900. 



Conclusion 



872-9306. 




bmo 



SAM RIMELL 
PRIMARY EXAMINER 



December 13, 2004 



